Group-IB
- GoldFactory modifies banking apps to spread Android remote-access trojans across Southeast Asia, Group-IB reports
  Group-IB said GoldFactory has been distributing modified banking apps across Thailand, Vietnam and Indonesia to deploy Android remote-access trojans that abuse accessibility services, and researchers uncovered a pre-release variant called Gigaflower with advanced data-extraction features.
- Bloody Wolf campaign expands from Kyrgyzstan to Uzbekistan, delivers NetSupport RAT via Java loaders
  Researchers report the Bloody Wolf hacking group used impersonated government PDFs and Java JAR loaders to deliver an older NetSupport RAT to targets in Kyrgyzstan and, later, Uzbekistan, employing geofencing and simple persistence techniques.
- Over 4,300 Domains Used in Mass Phishing Campaign Targeting Hotel Guests
  Researchers say a Russian-speaking threat actor registered more than 4,300 domains this year to run a large phishing campaign impersonating hotel booking services and harvesting payment data and credentials.
- Iran-linked MuddyWater used compromised email to deliver Phoenix backdoor to 100+ MENA government targets, Group-IB says
  Group-IB says Iran-linked MuddyWater used a compromised mailbox accessed via NordVPN to phish MENA organisations, deploying weaponised Word documents that installed the Phoenix v4 backdoor across more than 100 government targets and hosting RMM tools and a browser credential stealer on its C2 infrastructure.




